On 6/8/06, Livneh Ran <[EMAIL PROTECTED]> wrote:
> Hi. Is there a way to block a certain user from a specific network? I'd like to deny access for user "internal" from the outside world, or allow access to that user only from 10.x.x.x networks.

You can prevent a user from accessing a network by socksifying your network applications and using socks for access control. It's not a perfect solution though.

Another way is using netfilter:
http://www.netfilter.org/documentation/HOWTO//packet-filtering-HOWTO-7.html#ss7.3
using the owner module:

owner
    This module attempts to match various characteristics of the packet creator, for locally-generated packets. It is only valid in the OUTPUT chain, and even then some packets (such as ICMP ping responses) may have no owner, and hence never match.

--uid-owner userid
    Matches if the packet was created by a process with the given effective (numerical) user id.

--gid-owner groupid
    Matches if the packet was created by a process with the given effective (numerical) group id.

--
Arik
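
The owner-match approach from the reply above, as an added example that is not part of the original thread: a shell function that prints, without applying, OUTPUT-chain rules limiting one local account to a single destination network. The function name `owner_rules`, the loopback exception and the REJECT target are assumptions of this example; because the owner match is only valid in the OUTPUT chain, the rules constrain connections that the account's processes open from this host.

```shell
#!/bin/sh
# Added example, not from the thread. Prints iptables rules for review;
# nothing is applied to the running firewall.
#
# owner_rules USER CIDR
#   USER  local account to restrict (resolved to its numeric uid)
#   CIDR  the only destination network that account may reach
# Usage (as in the question): owner_rules internal 10.0.0.0/8
owner_rules() {
    user=$1
    cidr=$2

    # --uid-owner matches on the numeric effective uid, so resolve the
    # name first and fail closed if the account does not exist.
    uid=$(id -u -- "$user" 2>/dev/null) || {
        echo "owner_rules: unknown user: $user" >&2
        return 1
    }

    # Accept only digits, dots and one slash in a.b.c.d/len form, so
    # nothing unexpected ends up inside a generated rule.
    case $cidr in
        ''|*[!0-9./]*)
            echo "owner_rules: bad network: $cidr" >&2
            return 2 ;;
    esac
    if ! printf '%s\n' "$cidr" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$'; then
        echo "owner_rules: bad network: $cidr" >&2
        return 2
    fi

    # Order matters: the two ACCEPT rules must precede the REJECT.
    # 1. keep loopback working for the account's local services
    echo "iptables -A OUTPUT -o lo -m owner --uid-owner $uid -j ACCEPT"
    # 2. allow the account to reach the permitted network
    echo "iptables -A OUTPUT -m owner --uid-owner $uid -d $cidr -j ACCEPT"
    # 3. refuse every other packet created by that uid
    echo "iptables -A OUTPUT -m owner --uid-owner $uid -j REJECT"
}
```

As the quoted HOWTO text notes, some locally generated packets have no owner and never match, so these rules sit alongside the host's normal OUTPUT policy and do not replace it.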